How to add Private Key to SSL Cert

In scenarios where a SSL cert is dure to renewal but the renewed one (the one downloaded from provider after renewal) does not have the private key in it, we can import the private key from the previous expiring cert into the new one easily. 

You can tell which certs have/don’t have private key from their icons in the cert store, the little key on the cert icon represents the pkey (see below): 

Steps to add the Private key of an existing cert into a renewed one : 

  • Install the expiring cert in the Personal certificate store on a PC 
  • Install current cert (the renewed one without private key) in the Personal cert store of the same PC 
  • Locate and note down the serial number (open the cert and go to details tab) 
  • Open an elevated command prompt and run the command below 
  • certutil -repairstore my <serialnumber of the new cert without pkey> 
  • Now the new cert has the private key, you can export it as pfx and include the pkey by ticking the box during the export. 
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...